agentforce-d360-analyze

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands via the Salesforce CLI (sf) to handle authentication and organization discovery. These calls use list-based argument passing to prevent shell injection and are necessary for retrieving the required access tokens for Data Cloud.
  • [EXTERNAL_DOWNLOADS]: Fetches session audit data from official Salesforce Data Cloud REST APIs using the urllib library. The destination URLs are dynamically resolved from the user's authenticated Salesforce configuration.
  • [SAFE]: Includes a dedicated fs_guard.py utility that enforces strict regex-based validation for all session identifiers and organization IDs. This prevents path-traversal attacks and ensures that audit files are stored securely within the designated local data directory.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 01:15 PM